Delete them now!

Researchers at the security company ThreatFabric have revealed a new malware campaign on Google Play that targets users in Europe with a banking Trojan called Anatsa.

Since November, ThreatFabric has recorded a series of attacks against users in countries such as Slovakia, Slovenia, Spain, the United Kingdom, the Czech Republic and Germany, and in total the malicious apps have been downloaded more than 150,000 times.

The company says that's likely a low estimate, and that the actual number is probably closer to 200,000.

Deceive users

The five apps, which have now been removed from the Play Store, abused Android's accessibility service by tricking users into thinking they were only pausing certain apps. Instead, users granted the infected apps access to the device's accessibility service.

In this way, applications get elevated access to the system and can download malicious code that can install malware on the device. Because Anatsa is a banking Trojan, infected apps attempt to steal banking information from the victim's device, increasing the risk of an attacker being able to access your bank account.
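Because the infection depends on the user enabling an accessibility service for the app, a defender can check which services are enabled on a device. The script below is an added example, not from ThreatFabric or the original article: it parses the Android secure setting `enabled_accessibility_services` and flags any service whose package is not on a reviewed allowlist. The allowlist entry and the sample value (including the package `com.example.cleaner`) are constructed assumptions.

```shell
#!/bin/sh
# Added example: flag enabled accessibility services outside an allowlist.

# Packages reviewed and accepted as accessibility services (space-separated).
# Assumption: replace with your own list; TalkBack is shown as a typical entry.
ALLOWLIST="com.google.android.marvin.talkback"

# Constructed sample of the setting's value: colon-separated "package/service"
# component names. com.example.cleaner is a hypothetical package.
SAMPLE="com.google.android.marvin.talkback/.TalkBackService:com.example.cleaner/com.example.cleaner.PauseService"

# flag_a11y RAW ALLOWLIST
# RAW is the value of enabled_accessibility_services ("null" or empty if none).
# Prints one "package<TAB>service" line per service not on the allowlist.
flag_a11y() {
    if [ -z "$1" ] || [ "$1" = "null" ]; then
        return 0
    fi
    printf '%s\n' "$1" | tr ':' '\n' | while IFS= read -r entry; do
        [ -n "$entry" ] || continue
        pkg=${entry%%/*}
        svc=${entry#*/}
        # Expand the short component form "pkg/.Service" to the full class name.
        case "$svc" in
            .*) svc="$pkg$svc" ;;
        esac
        # Skip packages that are on the allowlist.
        case " $2 " in
            *" $pkg "*) continue ;;
        esac
        printf '%s\t%s\n' "$pkg" "$svc"
    done
}

# With a device attached over adb, audit the live setting:
#   sh a11y_audit.sh --device
if [ "${1:-}" = "--device" ]; then
    raw=$(adb shell settings get secure enabled_accessibility_services | tr -d '\r')
    flag_a11y "$raw" "$ALLOWLIST"
fi
```

Any package the script prints should be looked up in the device's installed-app list and its accessibility access revoked or the app removed if it is not expected.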

Cross them out

According to security researchers, the applications were designed to appear in the list of the most popular new free applications in the Play Store, to increase the chances of them being downloaded. As the list below shows, these are fake mobile widgets and PDF viewer apps.

These are the five applications:

  • Phone Cleaner – File Explorer
  • PDF Viewer – File Explorer
  • PDF Reader – Viewer and Editor
  • Phone Cleaner: File Explorer
  • PDF Reader: File Manager
Hanisi Anenih
